Employer’s policy falls foul of privacy legislation Employer’s policy falls foul of privacy legislation

Filters

Employer’s policy falls foul of privacy legislation

4 June 2019 | Employer's Liability

In an important decision for employers using, or intending to use biometric scanning systems in the workplace an employee has won his appeal, with the Full Bench of the Fair Work Commission finding that the employee's dismissal for refusing to use the fingerprint scanning system for recording attendance was unfair.

In Issue

  • Was the collection of employees’ biometric information consistent with obligations under the Privacy Act?
  • Was the introduction of the employer’s Site Attendance Policy just and reasonable?

The Background

In October 2017 Superior Wood, which operates sawmills in Queensland, announced the introduction of biometric scanners at its sites to record on-site attendance. The purpose of the system was to improve the integrity and efficiency of the payroll process, as well as improve safety (namely, being able to quickly identify who was on site in the case of an emergency).

Mr Lee, who was employed as a casual General Hand, refused to use the scanners due to concerns that 'sensitive information' (being the biometric data) could be leaked or misused, and was in breach of the Privacy Act.

After multiple meetings to discuss his concerns, Mr Lee was dismissed for failing to follow a lawful and reasonable instruction.

While his unfair dismissal application was dismissed at first instance, Lee was granted leave to appeal the decision to the Full Bench.

The Decision on Appeal

A key issue for determination was whether there was a valid reason for Lee’s dismissal.

Importantly, the Full Bench found that compliance with the policy in question was not a term of his employment. Therefore, the matter to be decided was whether the direction to use the scanners to record attendance was a reasonable and lawful direction.

This, in turn, required a consideration of whether the direction was in breach of the Privacy Act. The Full Bench was satisfied that Superior Wood had breached the Australian Privacy Principles, in that it:

  • failed to have a privacy policy in place (Principle 1);
  • was not entitled to direct Lee to submit to the collection of his fingerprint data in circumstances where had had not consented to the collection (Principle 3);
  • failed to issue a privacy collection notice to Lee (or any other employee) (Principle 5).

Superior Wood argued that it had not breached the Privacy Act because the exemption relating to 'employee records' applied. However, the Full Bench held that the exemption did not apply to a record that did not exist yet (because Lee had refused to give his fingerprint data).

On this basis, it was found that the direction to Lee to submit to the collection of his fingerprint data, where he did not consent to do so, was not a lawful direction.

In re-hearing the matter, the Full Bench found that notwithstanding that Lee was provided with procedural fairness, the absence of a valid reason meant that on balance the dismissal was unjust.

The matter has now been remitted to Commissioner Simpson to determine the appropriate remedy.

Implications for you

While employers have a right to manage their business, the introduction of any policy must be both lawful and reasonable. Technology is playing an increasing part in the employment space, so employers must be aware of their obligations, particularly with respect to privacy.

Jeremy Lee v Superior Wood [2019] FWCFB 2946

Corrina Dowling

Corrina Dowling

Special Counsel